Metasploit Nessus bridge plugin unleashed – Part 1

The Metasploit Team has release a new plugin, a bridge between Metasploit and Nessus. This new plugin is a collaboration between HD Moore, James Lee, Zate Berg, darkoperator and the Nessus Team. If you follow the PaulDotCom podcast, you know that Paul is a employe of the Nessus team and that darkoperator (aka Carlos Perez) is an official developer of the Metasploit project. A good collaboration between the 2 teams how has uncorked on this new important step in Metasploit.

To activate the Nessus bridge plugin, just update you Metasploit installation to the latest revision and log in the Metasploit console. The pre-requirements are that you need to have a running Nessus 4.2.x installation with a valid user account.

Loading the nessus plugin

Loading the Nessus plugin

Generic commands

Getting help – nessus_help :

To have an overview of all the Metasploit Nessus bridge plugin commands, just type :

“login” and “password” variables are you’re Nessus user login and password. “nessusd_ip” variable is the IP address or the hostname of Nessusd. “port” variable is the port where Nessusd is listening, by default 8834/tcp. “ok” variable is for letting you know that nessus use a self signed certificate and that risks are present.

Connecting to Nessus

Saving your connexion configuration – nessus_save :

To save your connexion configuration just run the nessus_save command, a nessus.yaml file will be created into you $HOME/.msf3 directory. You don’t need anymore to provide the nessus_connect variables.

Logout from nessus – nessus_logout :

To disconnect from Nessus, just run the following command :

Nessus logout

Checking Nessus status – nessus_server_status :

To check the Nessus version, the feed version, the Nessus Web version, the total number of users, policies, running scans, reports and plugging, run the following command :

Nessus status check

Checking the current Nessus user privileges – nessus_admin :

If the Nessus user used is an admin, the following result is displayed

Nessus admin user check

If the Nessus user used is not an admin, the following result is displayed

Nessus normal user check

Checking the Nessusd Feed type – nessus_server_feed :

To check the Nessus version, the feed version and the Nessus Web version, run the following command :

Nessus Feed check

User Commands

List of all Nessus users – nessus_user_list :

If you are an admin, you will be able to list all the Nessus users, they’re login, user rights (admin or not), and they’re last login dates.

Nessus users list

Adding a Nessus user – nessus_user_add :

If you are an admin, you will be able to add a normal Nessus user by typing the following command :

nessus_user_add

Adding a Nessus user

Deleting a Nessus user – nessus_user_del :

If you are an admin, you will be able to delete a normal, or an admin, Nessus user.

Deleting a Nessus user

Changing a Nessus user password – nessus_user_passwd :

If you are an admin, you will be able to change the password of admin, and non admin, Nessus users.

Nessus user password change

Policy commands

You still need to first create your policy in Nessus between the Nessus Client or Web Interface.

Listing of all Nessus policies – nessus_policy_list :

If you are a normal Nessus user, you will only be able to see the “Shared” Nessus policies.

Shared policies for normal Nessus user

But if you are an admin user, you will be able to see the “Shared” and “Private” Nessus policies.